IETF Logo Mail Archive

Re: [SPICE] Revised Charter

Roman Danyliw <rdd@cert.org> Thu, 18 January 2024 22:44 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFCBBC14F616 for <spice@ietfa.amsl.com>; Thu, 18 Jan 2024 14:44:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DbO8qj1NVRZH for <spice@ietfa.amsl.com>; Thu, 18 Jan 2024 14:44:16 -0800 (PST)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0122.outbound.protection.office365.us [23.103.208.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EE8C14F6A7 for <spice@ietf.org>; Thu, 18 Jan 2024 14:44:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=jZ0pO+czuskHqZ0ZmcDlU21mnk8/QXpEEVv5vv6qrATPC8UqGDYz9Imcm7Zd3JwvRYgctSOxOaYxHZ2qZr8doQ6PiSJFvmP17vLDsotAArwaTTaC8PEA75rGuhJleAd8/YooKl/n0+5G0jtJ5rL5ykk1bRVp7+uwpYzck2ank13IaPj+bOwKgQ3vdJbe79+Of3zOEn8J6QoX9c1D2KmlQaek4uHTjz00yCfXzl/XwYC8TAn03i8H76+xJ1EnH8QV8veCDk89IIm015NJ0khwKh5jwuHUlbpm3BH1fLQqsvL0EbFx7dV5OFl/nmV39pez+A+pF+mrMJq/G8TblUQ0Xw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vd+G3y+rARW/qkx9ypUkAuwNuQFmnH9IE+5EeM8j0aw=; b=ICtbn9jWAPyv78O/3vurHNHzuJTeUUo/I0xjXUSLBgcyLhT4C4kHAGP34sdxesajbUmh7O3ozf15ykPPVApAmRwgtTUChzkswXBKHOcoXrLr1giyEIB19TqJa6KReFVwh0excrxup0R+NPlSddIk7QUGOtEr1WLK4W1y6G/JpCNhUKFeuuY4eKrlzgu+uOcbM66NKKzyapIUV0r8DnjABJ6Kz9DSEORTajsHsla2Qc7PmZPVVfPaT+fsZW50e8NdAGRG+dPYaAxyCSngRXuiO/XQcK9VZxiy1AwwECXfMEHrtPtS9bs1/rbCCo7ooTc1AxSrGN6WtXEX8cYh2HK24w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Vd+G3y+rARW/qkx9ypUkAuwNuQFmnH9IE+5EeM8j0aw=; b=A6ysGnFI96uBfKgKNjoU/xWoAycOURlTy3VyNUIqYrE0KkF9JqPusUwB+R1tXRJeFYSv4rPyj9SqhRHQA15d+RR/sLF2SbwKQTeVlwHiJDjjupoBcL6UwfIhxSlBrQhVxE6sw1F62vKN3cxnrAE6TpH4XGH9Zv6BtzPwHUu9oq0=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1400.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:17a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.24; Thu, 18 Jan 2024 22:44:12 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::364:96fe:e2d6:b29f%4]) with mapi id 15.20.7202.024; Thu, 18 Jan 2024 22:44:12 +0000
From: Roman Danyliw <rdd@cert.org>
To: Orie Steele <orie@transmute.industries>, "spice@ietf.org" <spice@ietf.org>
Thread-Topic: [SPICE] Revised Charter
Thread-Index: AQHaSjrN8atSIzTl9kG4Scqahdop7bDgKz8g
Date: Thu, 18 Jan 2024 22:44:12 +0000
Message-ID: <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com>
In-Reply-To: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN2P110MB1107:EE_|BN2P110MB1400:EE_
x-ms-office365-filtering-correlation-id: ca60c375-e101-4b03-b0c3-08dc1876fde3
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PgGoiqcojLYUBKofEtplX+nM4esZSeQhMH1CRu12ebCP1tRg5vFd8S96MDtM3acNSsh/y1c/7p4ZCairiZQF2UIpkAQl3uwwpSUEGJb30yTqeZAISDofMRKasRk9t5n8G6LUDqnquaMclXykLZ5zYdZL9Wnu4btAb6i1vPY1XpuuKUbASMsgUP/kcnBfxPHKmg7TO1PpDeSvpOiFnUZvrChv8Pf9wwtq/AlDG5SdSNUHiEqymLyysG0cknIXeMo63P4dk5hph78LWYF7el2B8jA2uRKky3y2G+Ni95da+Z88jgaVUESqqcHCvI3N6XYChM+y2MpeODlxhPqFPgGejMm35LG9BhecORq4+IRy+D5X2U7eoJuea9zNpchTmZ5dK+wdCKsPT+vZqQhYwGMIwJi0KsxZWPTTBz5O8pi8PB1GCiFRVmAl6bsRFACpJIA7oQgsU57v0TRJLHEbM7K8oDxvCDm6QslfbvpO1fqd+xnoxdERhglCnG+1wM6lz4OCpMjCq02QwWhOsRKSzyWom4e9CyWVSxD8cdigVeP944MSvWRneA9jh6L5ObNNa/lz5Q/pvLQ+eq/oj/SvVzkvfqf73Njb1/c93aWxoA+2qjY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(136003)(39830400003)(366004)(396003)(230922051799003)(186009)(451199024)(64100799003)(1800799012)(38070700009)(55016003)(66899024)(41320700001)(66556008)(2906002)(6506007)(9686003)(71200400001)(7696005)(5660300002)(53546011)(66946007)(110136005)(8676002)(26005)(66446008)(76116006)(64756008)(8936002)(52536014)(122000001)(66476007)(83380400001)(38100700002)(99936003)(966005)(166002)(508600001)(41300700001)(33656002)(86362001)(82960400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: T98PtXKnT6bIhnOx2tc/KQgYp3gFQJvCqUE//AqRJONaanNKIr8gR+KtxUbc2egtkjG7omteu+la8ShRsq2Xr3ju6LMn7GERe/JJ6hrYXdhmpEX009v7UeIlxo6OYLqkcYf0g/EcD51BMQ2N3mYzuFPffSDVvbGGa5glPhH/I1v9kR5XXY6ciaLm1mBMRA1sx+Xkaf4wtpm8Rn+wjUam+6PY4HUjNFzn3p7VpjmBS1rlbkB6/Uj0LoXHig49PiA53h5bZSYKJrVUG4Jg3KM/2npDJPEUn4B18YfOdeFQjXzugOGd3RbCWNhvSyQcZXnCoUFGP5aOC6t4xv/q4pls+GvDP1oMXC00IU68Cf5PMU8H8HXMpgnkx+nJyHbWBax2fy2iJT5wti8K/cQsqcw5ULSuVskV6L9cYg0Jtwo8wb72bTV6dKXTsSUVNrI0vPn6osMQ00WkkZgeLROpUUaY11Gg+YBAS8W+l/KPDGIlKSCKTl0Z4Fvwid3S5pqxF4r4GErLeK5/rtV2xCq9KujaRum9NONfDFaNV80P+ltMTEkd3/MMSaNBITf33n+SQBUvLo/M5ZC+emcgNyyOc5gxPG/xk6I9BA3aAIZGZC84qatS7eh8A2U67wWZyDLS9YmCM0/ybHTkJWlGzo1hY9O6vDPvUaLDlDWId3RN9FUwt+X3J0HH4mIZSN9CDDkHwhp9h4Ru5nZVHwH1JZ+Si+EQGcKOhuTFhUnWLPAFI3zYhyjNZa884jtzSLqxIy3Yj6QPzxYBcoa7woef4Tu6Ia5QAaHHaSelYI70+xHaTpmckMfgNCXs1uqKRhYYwOFrxhV8wcJFvUEn67RG8ClTNiUcpYLqAyRobNedPZuCGmoYzGEvO/wfngVduTMU9c8Bk3BNIarQNfZKGKR2VXW6yuSasXBuav8nQA7CSWCRIsh0UX8NGhbh5GnuSFZ2RHd2xnL4LLRsViKzp2jrtGZR5Q6KvFWht4CUpqFL7nlrd1vangpxyFSgeERtWQs1MUOnmDYkWZQ6MywDkfcKFw43mW135LbDWGjCfO01QojPnFwTwEd4oGoAkny3O6aJ43tzOvp6d7hvE+HPGq06/LtSMkdiccyp4d3iVROs8spsDWhEvatX6JA90o+D9R/4nUtLb7SAgQ03z3GrfD4a6b51iijHHYmzaAb0dnZ/zP4oBushGWu/H5HAwGUhdp7xOpad0vFeF5ZXxCD8RtU7lYK5J9KwBznhuu3H0TGUDqOt2jopEPfB2SU9mn7BNmwuipbRJZ5qmM0T1sEq8DPyvz0tMOyfS+bCYvADLOvav87HhrwPRRlZBJkbwZMldCFxUAHk8BXvfhzpwaCFjoXQ0UwzQP4HXz6moW7UpuVqWSoaHlzX18aZQJnNcXqJKIk4TChmkm+kuTn5SfTtF5DFd/Fo4e7FAI6JcdXdESPxZo7k7wOd+pauROhHT8NhCpJo8PXlGtTt/PYIGywUiOeXmcQJ9KSAB1nIEYQwBYyfBhPu6iP1uNk=
Content-Type: multipart/related; boundary="_004_BN2P110MB1107422AB87BB4AFED71A751DC71ABN2P110MB1107NAMP_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: ca60c375-e101-4b03-b0c3-08dc1876fde3
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jan 2024 22:44:12.4237 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1400
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/z6YaRNLLjSwUYH85BuyClFE71Sg>
Subject: Re: [SPICE] Revised Charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2024 22:44:20 -0000

Hi!

Thanks for all of the iteration to get to this text.  I have a few questions and comments.

** Per the “Background” Section:

-- “Some sets of claim names are registered with IANA and originate from the IETF, OIDF and other standards organizations.”

o Editorially, at no point in the text so far has there been any link made between “sets of claims” and a “digital credential”.  The introductory paragraph talks about “values” and “attributes” of claims.  I recommend some bridging text.

o As a reader, I’m not sure why I am being told this detail.  No subsequent text in the deliverables mentions that claims from other SDOs need to be used or that they are being built upon.

-- “IETF and IRTF working groups have developed foundational building blocks with BBS Signatures, RSA Blind Signatures, Verifiable Random Functions, or other Selective-Disclosure and collection limitation techniques.”

o Editorial nit.  IRTF doesn’t have WGs, it has research groups. The IESG will flag this.

o There are assertions of foundational building blocks but the text doesn’t narrative how this work would build on them.  One can infer that BBS/VRF/etc are the crypto that will be used.  The IETF WG references of “Selective-Disclosure” and “collection limitation techniques” is what?  Recommend either citing WGs or RFC/drafts if this link is important.

o I’m trying to keep the IETF/IRTF lanes clear.  Coordination with CFRG is noted later.  Is there coordination, or reuse?  What planned activities in this WG would alter the course of CFRG?

** Per the “Key Design Properties of Digital Credentials” section

-- What is the intended use of this section?  In what way does this text scope the planned work?  For example, will the WG deliver some version of those as part of the “A document specifying the selective disclosure of claims in a secure and privacy-friendly manner”? Are those related to the planned architecture deliverable?)

-- I’m a little confused by the framing of this section as being able design properties of “digital credentials” but the “In-Scope”/”Goal”/”Deliverable” sections aren’t linked to digital credentials.  Some editorial bridging is needed.

** Strongly recommend merging “In-Scope” and “Goals” sections.  Move the text currently in Goals to the end of the current “In Scope” text (i.e., reverse the order).  Editorially, charters typically first say what they will do and then describe who they will work with.

** Per the “Goals”

-- Per the text “Additionally, the SPICE WG will coordinate with other SDOs, such as ISO or W3C, on data model elements or protocols needed to support existing credential use cases”

o what is the thinking behind “support existing credential use cases”?  Are these new design goals?

o I observe that ISO is a very BIG organization.  IETF even has multiple liaisons for subsets of ISO.  Can this text be more specific about the relevant links?

** Per the “In-Scope”

-- Per the text “The SPICE WG will consider the use of TEEs (Trusted Execution Environments) for managing key material and digital credentials.”  Can that design be made now?  Can this be deferred for future charter scope?  I’m practically asking what “consider” means here.  It seems like a conditional scope (i.e., “we don’t know if we want to deliver this but we want it in scope”).

-- Per the text “Focusing on crisp technical specifications and producing separate informative guidance documents helps to keep technical interested parties involved”, I observe that the planned deliverables only include a single informative architecture.  Is that sufficient?  Perhaps that is the lesson learned?

** Per the Deliverables?

-- Will the meta-discovery document describe a single protocol? multiple protocols for discovery?  Does it build on any prior work protocol work (e.g., is it an HTTP API? COAP?)

-- Per a “document specifying the selective disclosure of claims in a secure and privacy-friendly manner”:

o What is the relation between this document and digital credential (the substance of the front matter)?  Is this providing a framework/set of claims to let others produce their own digital credentials with particular security properties?

o What is the relationship between the “security” and “privacy-friendly” properties and the more detailed key design properties?

o What is the encoding of the claims for this document? JSON and CBOR are noted in the lesson learned but not in the explicit scoping.

Roman

From: Orie Steele <orie@transmute.industries>
Sent: Thursday, January 18, 2024 1:19 PM
To: spice@ietf.org
Subject: [SPICE] Revised Charter

Hello Spice Enthusiasts,

Our revised draft charter can be found here:

- https://github.com/transmute-industries/ietf-spice-charter/blob/8f140a014ed13a21ff308b4d48d745ead67d8c54/charter.md

Thanks to everyone who contributed text on github and through the mailing list.

As mentioned on our calls, I will submit a bof request with the draft charter text as of today.

If anyone has objections to the current charter text, please provide NEW and OLD suggestions through the mailing list (on a seperate thread), so we can finalize any remaining gaps.

If you support the current draft charter text, please reply to this email indicating that you support the current text.

I support the current charter text.

Regards,

OS


--



ORIE STEELE
Chief Technology Officer
www.transmute.industries

[Image removed by sender.]<https://transmute.industries/>

v2.23.0 | Report a Bug | By Email